Issues_June_3W #99
@ -10,6 +10,7 @@ using Marco.Pms.Model.Projects;
|
||||
using Marco.Pms.Model.Utilities;
|
||||
using Marco.Pms.Model.ViewModels.Employee;
|
||||
using Marco.Pms.Services.Hubs;
|
||||
using Marco.Pms.Services.Service;
|
||||
using MarcoBMS.Services.Helpers;
|
||||
using MarcoBMS.Services.Service;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
@ -35,10 +36,13 @@ namespace MarcoBMS.Services.Controllers
|
||||
private readonly IConfiguration _configuration;
|
||||
private readonly ILoggingService _logger;
|
||||
private readonly IHubContext<MarcoHub> _signalR;
|
||||
private readonly PermissionServices _permission;
|
||||
private readonly Guid ViewAllEmployee;
|
||||
private readonly Guid ViewEmployee;
|
||||
|
||||
public EmployeeController(UserManager<ApplicationUser> userManager, IEmailSender emailSender,
|
||||
ApplicationDbContext context, EmployeeHelper employeeHelper, UserHelper userHelper, IConfiguration configuration, ILoggingService logger,
|
||||
IHubContext<MarcoHub> signalR)
|
||||
IHubContext<MarcoHub> signalR, PermissionServices permission)
|
||||
{
|
||||
_context = context;
|
||||
_userManager = userManager;
|
||||
@ -48,6 +52,9 @@ namespace MarcoBMS.Services.Controllers
|
||||
_configuration = configuration;
|
||||
_logger = logger;
|
||||
_signalR = signalR;
|
||||
_permission = permission;
|
||||
ViewAllEmployee = Guid.Parse("60611762-7f8a-4fb5-b53f-b1139918796b");
|
||||
ViewEmployee = Guid.Parse("b82d2b7e-0d52-45f3-997b-c008ea460e7f");
|
||||
}
|
||||
|
||||
[HttpGet]
|
||||
@ -93,18 +100,39 @@ namespace MarcoBMS.Services.Controllers
|
||||
[Route("list/{projectid?}")]
|
||||
public async Task<IActionResult> GetEmployeesByProject(Guid? projectid, [FromQuery] bool ShowInactive)
|
||||
{
|
||||
// Step 1: Validate incoming request model state
|
||||
if (!ModelState.IsValid)
|
||||
{
|
||||
var errors = ModelState.Values
|
||||
.SelectMany(v => v.Errors)
|
||||
.Select(e => e.ErrorMessage)
|
||||
.ToList();
|
||||
|
||||
_logger.LogWarning("Invalid request model in GetEmployeesByProject. Errors: {@Errors}", errors);
|
||||
return BadRequest(ApiResponse<object>.ErrorResponse("Invalid data", errors, 400));
|
||||
}
|
||||
|
||||
// Step 2: Get currently logged-in employee
|
||||
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
|
||||
_logger.LogInfo("GetEmployeesByProject called by EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, ShowInactive: {ShowInactive}",
|
||||
loggedInEmployee.Id, projectid ?? Guid.Empty, ShowInactive);
|
||||
|
||||
// Step 3: Check permission (if project ID is not provided, user must have global view permission)
|
||||
var hasViewAllEmployeePermission = await _permission.HasPermission(ViewAllEmployee, loggedInEmployee.Id);
|
||||
if (projectid == null && !hasViewAllEmployeePermission)
|
||||
{
|
||||
_logger.LogWarning("Access denied. EmployeeId: {EmployeeId} tried to access employees without project filter", loggedInEmployee.Id);
|
||||
return StatusCode(403, ApiResponse<object>.ErrorResponse("You don't have access", "You don't have access", 403));
|
||||
}
|
||||
|
||||
// Step 4: Get employee list from helper based on project and visibility flag
|
||||
var result = await _employeeHelper.GetEmployeeByProjectId(GetTenantId(), projectid, ShowInactive);
|
||||
|
||||
return Ok(ApiResponse<object>.SuccessResponse(result, "Filter applied.", 200));
|
||||
_logger.LogInfo("Employees fetched successfully for ProjectId: {ProjectId} by EmployeeId: {EmployeeId}. Result Count: {Count}",
|
||||
projectid ?? Guid.Empty, loggedInEmployee.Id, result.Count());
|
||||
|
||||
// Step 5: Return success response with employee data
|
||||
return Ok(ApiResponse<object>.SuccessResponse(result, "Filter applied.", 200));
|
||||
}
|
||||
|
||||
[HttpGet]
|
||||
|
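Review bot: The permission gate added ahead of the helper call, `if (projectid == null && !hasViewAllEmployeePermission)`, only fires when no project id is supplied, so any caller who passes a client-chosen `projectid` reaches `GetEmployeeByProjectId` with no permission check at all — the `ViewEmployee` GUID the constructor now resolves is never consulted, which leaves a broken-object-level-authorization gap scoped only by `GetTenantId()`. I would resolve the second permission next to the first, `var hasViewEmployeePermission = await _permission.HasPermission(ViewEmployee, loggedInEmployee.Id);`, and tighten the guard to `if (!hasViewAllEmployeePermission && (projectid == null || !hasViewEmployeePermission))` so the per-project path requires at least ViewEmployee. Whether the caller must additionally be a member of the referenced project cannot be told from here; if the helper does not enforce that (it receives only the tenant id, project id and flag), a membership check belongs before the call. Separately, `loggedInEmployee.Id` is dereferenced on the logging line with no null check — if `GetCurrentEmployeeAsync` can return null for an authenticated user with no employee record, that becomes a 500 rather than a 401/403, so a guard such as `if (loggedInEmployee is null) return Unauthorized();` before the log call is worth adding. The method's `[HttpGet]` attribute sits in the preceding hunk's context, outside this hunk.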